
Trust between Cisco Router and HP Switch

Hello,

I have been given the following problem.

LAN<->Switch_Branch_Office[HP]<->CE Router_Branch_Office[Cisco]<->MPLS<->Radiusserver_ClearPath_Datacenter[HP]

I own the CE router and the MPLS. So the HP switch and RADIUS are owned by the customer.

The customer wants to authenticate not only the PCs (supplicants) but also the CE router with his RADIUS server (government rule).

The problem in my head is that when I enable an 802.1X supplicant on the router (CISP client) to authenticate against the HP switch (authenticator), the RADIUS IP lies behind the interface that has to be authenticated (will not succeed).

So in my opinion there is only the possibility of a local fallback on the HP switch with local EAP-TLS. The question is: is it somehow possible to authenticate an L2 access/trunk with SVI or subinterface port or a routed port from the switch to the router without using the RADIUS server? Like some MACsec, between pure Cisco devices?

Best regards,

Robert

2 Replies
hslai
Cisco Employee

I've moved your discussion to Routing as the only Cisco element in your network is a router.

As both the switch and the RADIUS server are from HP, I would suggest you check with HPE support resources if you have not done so already. MACsec has some potential, but you need to verify whether the switch and the router have compatible support.

OK, thank you. Maybe someone has a hint for me. Best regards, Robert